OT: FormMail for Dummies

Thanks! I'll see if I can understand it ;-)

...Jim Thompson

I put my contact address in a small GIF file. I doubt that anybody is going to scan it in there.

That's what I have right now, but one of my UseNet "buddies" seems to have submitted it into the scammer's chain.

So I'm investigating a secure-form approach where I can obscure the destination address.

...Jim Thompson

Told you I was a dummy. I used Enkoder to create the script and inserted as instructed. Got a blank page :-(

...Jim Thompson

Or take a look at

For those people who don't have javascript on I also have a form (provided by the ISP, apparently a fixed version of Formmail). Most of what a get through that are attempts to break it.

Robert

I don't know the answer to your FormMail question but you may want to try something simpler.

I use some extremely simple Javascript to disguise my "contact me" address. So far, fingers crossed, I haven't received any spam on it. You can check out the method by going to my site and viewing the source. I stumbled across the method while surfing so I can't take credit for it.

If this looks like it will work for you and you can't figure it out from the code, you can contact me directly, through my website.

Thanks for the link! This looks significantly better than the method I use so I think I'll switch over. The only problem is that if Automatic Labs stops offering the tool, I'll never be able to figure out or modify the code.

That's what I thought, thus my other reply. Speaking of yer buddies, one of 'em's been gone more than Boki. I remember some bs he posted last year about wanting to take up smoking again for health reasons (and I geshh you figgered out hiza dr-dr-drunk ) Last I heard he was messin' with some huge spud cannon with a pretty impressive range. I wouldn't start dancin' yet but...

Talk about standards, sheesh!

See my other post. < $10/month with real Linux host = in like Flynn. And you'll have more email addys than you need that aren't dependant on Cosuckerserver.

Right. And he uses the little program I linked to get the ascii to hex or decimal conversion of the addy you want to encode.

here it is again:

You should be able to paste any html in there and it'll display right, but encoded.

That isn't going to prevent that little prob last year, though. I think Jim wants an address that can only be mailed through a web form. And maybe you'd have to enter a code from a gif. I think by doing that, it prevents him from revealing his email to anyone wanting to spoof a header. Plus no spam :)

You could hack that out easy, if you know how to validate the input so no system commands get by. PHP or perl to sendmail.

Any hosting service worth a damn should have free cgi scripts for customer service kinda mail and connected to an https port, you get your security... erm, if it's on a linux or bsd with ssl and all. Don't expect any help from Coxsucker's though. For less than $10 a month you've got a few great choices for Linux hosts, too.

My website is not on CoxSuckerServer, just my local connection ;-)

It's either use Cox HSI or use DSL from Qwest... BARF!

My website provider has a script, but it divulges the destination address. I already have in-place a more-than-100-address whitelist.

I don't have time to learn how to write scripts or make forms, so I was hoping to find, for purchase, a canned approach, just fill-in the blanks.

...Jim Thompson

You mentioned their mail server giving you probs. You should have emails with the hosting package.

Lemmee see the webpage. Oh hell. My encoder ring doesn't decode, but I see that cheesy JavaScript crap that brings up a mail client.

Are you hosted on a Linux box? They can set up php if it's not already configured ( uncommented :) ) in httpd.conf -- I found a couple scripts if you are. They'll send the message to the script as a query string and the script just mails you the stuff and returns a thank you page or whatever.

Fill in the blanks. See if you can get the format you want out of that and let me know. I can modify the format if you don't like it. The script just spits html at the browser - but from the script where you can't see the infernals.

You do have to have javascript turned on in your browser. If that isn't it I have no idea :(. I have a form on my page for those who don't want to brwse with javascript on but it attracts different attacks (and I don't know that it's generally available). The javascript doesn't help much if the address ends of in someones e-mail address list and that gets harvested by a piece of mal-ware but I've resigned myself to changing public contact address's in that case.

Good Luck

Robert

Or maybe not. My ISP has banned his scripts outright. I understand (not just from my ISP) that his formmail in particular is a security risk.

Robert

Hello Tim,

You might just be lucky so far. When you look at the link properties the presented email address shows up nice and clear. Spammers that go just a wee bit beyond a source parser should be able to snatch it.

As Luhan does I also use a small image file. I figure that serious requests will be made despite the inconvenience to having to type the address. Same with the phone number, and it works. If someone doesn't want to read and type it probably wasn't urgent, like the umpteenth offer of Tadalafil, whatever that is.

Regards, Joerg

True, but I've been using the same script segment for several years now and it hasn't been a problem yet. I'm much more worried about being harvested by a 'bot than I am about having an individual spammer go to the trouble of going to my site and looking to see what shows up when you hover over the link. That's also why I'd prefer not to use something "canned" since having my implementation be slightly different from others may be enough to keep the 'bots from zapping me.

I also use an image file with my address in it so that people who don't surf with Javascript turned on can still get the address.

In any case, the address I'm protecting is an alias so if it starts collecting spam, I'll just change it to something else and beef up the protection at the same time.

I think it's always a good idea to go with the simplest security until it's breached. This way it will take longer for "superbots" to develop. Sort of like not over-prescribing antibiotics to avoid breeding super-bugs.

Also, depending on what you're using to create the page, it may not show up in your page creator either. I'm using the Composer app from the Mozilla suite and apparently it doesn't understand Javascript because nothing shows up in it. I have to look at the page with the browser (with Javascript enabled) to be able to check it.

That's why I have 2 addresses: one for the website that's an easily changeable alias, and my *real* one that I give out to a select few. And then, of course, there's the dozen or so free webmail addresses that I use when I *know* I'm going to get spammed by someone. ;-)

Check out the following: Matt's Script Archive:

CGI Resource Center:

If you find these too unwieldy, I can give you a small script from our web site.

Many of these require Perl. If your on a Unix machine, chances are it's already installed. Perl for Windoze can be installed with ease.

Aloha, Mark

Tim, take a look at one of my websites to see how I hide the email address from bots.

I sent you some scripts a couple years ago.